← back
CVE-2026-3909

CVE-2026-3909

CVSS 8.8 HIGHEPSS 1.6%● KEVCWE-787
In short

A bug in Chrome's graphics engine (Skia) allows attackers to write data outside intended memory boundaries through a specially crafted webpage, potentially crashing the browser or executing malicious code.

Technical detail

Out-of-bounds write vulnerability in Skia rendering engine exploitable via crafted HTML; remote attack vector requiring user to visit malicious page; impacts memory integrity and may enable code execution or denial of service.

Summary generated and translated by AI from the official description.
Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Google · Chrome

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_13.htmlhttps://issues.chromium.org/issues/491421267https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-3909